I DESCRIPTION 

ENCRYPTION DEVICE, KEY DISTRIBUTION DEVICE AND KEY 
DISTRIBUTION SYSTEM 

5 BACKGROUND OF THE INVENTION 

1. Field of the Inventio nTcchniGal Fiol d 

The present invention relates to a technology for distributing 
key data for using content to devices with permission to use the 
10 content. 

I 2. Description of the Related Art Baokground A agfe 

To prevent the illegitimate use of digital content data 
(hereafter referred to as content) various technologies have been 
15 used. These technologies permit, for example, uses such as encryption 
and decryption of the content in legitimate devices, and prevent 
such uses in illegitimate devices . One of these technologies is laid 
open in Patent Document 1, which describes a technology for 
distributing the key data, in the manner described below, such that 
2 0 only legitimate devices can acquire the key data for using the content . 

Each device using the content holds an individual key 
particular to itself . The key data for using the content is encrypted 
using the respective individual keys held by each of the legitimate 
devices, and distributed. Legitimatedevicesdecryptwhat theyreceive 
25 using their individual keys and obtain the key data, but illegitimate 
devices fail to decrypt what they receive, even if they have their 
own keys, and cannot obtain the key data. Hence, illegitimate use 
of the content can be prevented. 
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If, however, a device permitted to use of the content outsources 
the encryption or decoration processing to another device, the key- 
distribution device cannot confirm whether or not the outsource 
j destination device (i.e.^ the key data destination device) has the 
5 right to use the content. This is dangerous because there is a 
possibility that key data will be distributed to devices that do 
not have the right to use of the content. 

[Patent Document 1] Japanese laid open patent application 
2002-281013. 

10 [Non-patent Document 1] ""^GendaiangoriiX)!!" ( Modem encryption 

theory) , IKENO Shinichi, KOYAMA. Kenji, The Institute of Electronic, 
Information and Communication Engineers. 

[Non-patent Document 2] "Angro rlron nyimon" (An Introduction 
to encryption theory) 

15 OKAMOTO Eiji, Kyoritsu Publishing Inc. 

j SUMMARY OF THE INVENTIO NDiocloaurc of the Invcnt -3:^ 

In view of this problem, an object of the present invention 
is to provide a key distribution device , an outsource source encryption 
20 device and a key distribution system, which distribute key data to 
devices judged to have beenlegitimatelyoutsoinrced use of the content, 
j In order to achieve the stated ob j ect^ the present invention 

includes an outsource source encryption device that has permission 
to encrypt content received from a content distribution device, and 
25 outsources encryption of the received content to an outsource 
destination encryption device , the outsource source encryption device 
Including: a receiving unit operable to receive first license 
information proving that the outsource source encryption device has 
2 



permission from the content distribution device to use the content; 
a generating unit operable to generate second license information 
that includes the received first license information and proves that 
encryption of the content has been outsourced to the outsource 
5 destination encryption device; and a transmission unit operable to 
transmit the generated second license information together with the 
received content to the outsource destination encryption device. 

Further, the present invention includes a key distribution 
device that distributes key data used in encryption of content to 

10 encryption devices, the key distribution device including: an 
acquiring unit operable to acquire second license information that 
includes first license information proving that the first encryption 
device is permitted to use the content and proves that encryption 
of the content has been outsourced from a first encryption device 

15 to a second encryption device ; a j udging unit operable to j udge whether 
or not the second license information was generated by the first 
encryption device; and a transmission unit operable to transmit the 
key data to the second encryption device if a result of the judgment 
is in the affirmative. 

20 I Further, the present invention includes a^A-key distribution 

system that distributes key data for using content, the key 
distribution system including : an outsource source encryption device 
operable to receive first license information proving that the 
outsource source encryption device is permitted to use the content, 

25 generate second license information that Includes the first license 
information and proves that encryption of the content has been 
outsourced to an outsource destination device, and transmit the 
generated second license information together with received content 



to the outsource destination encryption device; an outsource 
destination encryption device operable to receive the second license 
information together with the content, transmit the received second 
license information to a key distribution device and receive the 
5 key data from the key distribution device; and a key distribution 
device operable to receive the second license information, judge 
whether or not the seccmd license information was generated by the 
first encryption device, and transmit the key data to the second 
encryption device when the judgment is in the affirmative. 
10 With this construction, the first encryption device is verified 

for use of the content via the first license information, and the 
outsourcing of use of the content by the first encryption device 
to the second encryption device can be verified via the second license 
information. Thus, the key distribution device, which distributes 
15 keys, only distributes the key data to the second encryption device 
if the second encryption device is judged to have been legitimately 
outsoxirced use of the content. 

BREIF DESCRIPTION OF THE DRAWINQ SBricf Dcacription of the Drawings 
FIG. 1 is a block diagram showing the construction of a key 
distribution system 1. 

FIG. 2 is a block diagram showing the construction of a data 
distribution device 100. 

FIG. 3 shows the make up of data in a license^ 
FIG. 4 is a block diagram showing the construction of an 
encryption device 200. 

FIG. 5 shows the make up of data in a renewed license. 
FIG. 6 is a block diagram showing the construction of an 
4 
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encryption device 300. 

FIG. 7 is a block diagram showing the construction of a key 
distribution device 400. 

FIG. 8 shows the make up of data in an individual key 
5 correspondence table 140. 

FIG . 9 is a flowchart showing operations of the data distribution 
device 100. 

FIG. 10 is a flow chart showing operations for the encryption 
of the content data by the encryption device 200. 
10 FIG. 11 is a flow chart showing operations for the outsourcing 

of the encryption of the content data. 

FIG. 12 isaf lowchart showingoperationsof thekeydistribution 
device 400. 

FIG. 13 isaf lowchart showing operations of thekeydistribution 
15 device 400. 

FIG. 14 is a flowchart showing the processing undertaken by 
the whole key distribution system 1. 

FIG. 15 shows a structure of an integrated circuit for 
ittplementing ain encryption device. 
20 FIG. 16 shows a construction of an integrated circuit for 

implementing a key distribution device. 

FIG. 17 shows an example of the license used when an outsource 
destination device further outsources use of the content to another 
device . 

25 

DETAILED DESCRIPTION OF THE INVENTION Boot tfodG for Carrying -Qafe 
■feh c Invont -a^i 

Below, an embodiment of the present invention is described 



with reference to the drawings. 

1. Construction of the key distribution system 1 
As shown in FIG . 1 , the key distribution system 1 is constructed 
from the data distribution device 100, the encryption device 200, 
5 the encryption device 300 and the key distribution device 400. 

The encryption devices 200 and 300 encrypt the content data 
I and record it onto a^disk . Hie key distribution device 400 distributes 
the key data used to encrypt the content data. The data distribution 
device 100 distributes source data for the content data that is recorded 
10 onto the disk, and gives permission to record the content data onto 
the disk, issuing licenses to approved devices. 

Here, the data distribution device 100 is maintained by a user 
who holds the copyright for the content data. Where the copyright 
holder permits the recording of the content data by another user, 
15 a license is issued to that user. For example, if the user of the 
encryption device 200 is permitted to record the content data, the 
data distribution device 100 issues a license to the encryption device 
200 . On receiving the license, the encryption device 200 transmits 
the license to the key distribution device 400, and requests the 
20 key data for encrypting the digital content. The key distribution 
device 400 checks the license, and where it judges that the encryption 
device 200 is permitted to record, transmits the key data to the 
encryption device 200. 

The data encryption device 200 receives the key data, encrypts 
25 I the content data and records the encrypted content onto a disk. 

Further, where the encryption device 200 is permitted to record 
the content data and the encryption processing of the content data 
is to be outsourced to the encryption device 300, the encryption 



device 200 renews the license, and outsources the encryption 
processing to the encryption device 300 by transmitting the renewed 
license from the encryption device 200 to the encryption device 300 . 
The encryption device 300 transmits the renewed license 
5 received from the encryption device 20 0 to the key distribution device 
400, andrequests thekeydata. Thekeydistributiondevice400 verifies 
the renewed license, and where the encryption device 300 is judged 
to have been legitimately outsourced, transmits the key data to the 
encryption device 300. 
10 Each device is described below. 

I 1. 1 1.1 Data distribution device 100 

The data distribution device ICQ is a device that generates 
a license 120 shown in FIG. 3, and as shown in FIG. 2, is constructed 
from a key storing unit 101, an ID storing unit 102, a signature 
15 generating unit 103, a clock unit 104, a content data storing unit 
105, a license issuing vinit 106 and a transmission unit 107. 

In practice, the data distribution device 100 is a computer 
system constructed from a microprocessor, RAM, ROM, a hard disk unit, 
a display unit and the like . A computer program is stored in at least 
20 one of the RAM and the hard disk unit. 

The data distribution device 100 functions by having the 
microprocessor perform operations according to the computer program. 
Each construction is described below. 

(1) Key storing unit 101, ID storing unit 102 and content data 
25 storing unit 105 

The content data storing unit 105 stores the content data. 
The ID storing unit 102 stores the ID of encryption devices 
permitted to encrypt the content data and record it onto disk. Here, 



the ID storing unit 102 stores "0x000001" as the ID for the encryption 
device 200. 

The key storing unit 101 stores a secret key SKdd used in the 
generation of a signature to be included in the license 120 of FIG. 
5 3. 

(2) Clock unit 104 

The clock unit 104 keeps the current date and time. 

(3) Signature generating unit 103 

The signature generating unit 103 generates an issue date 121 

10 and a signature 123 to be included in the license 120 of FIG. 3. 
For example, in FIG. 3, the issue date 121 expresses the year, month 
and day using a continuous eight figure number. 

When the issue date 121 is generated, the signature generating 
unit 103 acquires the current year, month and day data from the clock 

15 unit, and connects the acquired year, month and day data in the stated 
order to form the issue date 121. 

Further, the signature generating unit 103 reads off the ID 
of encryption device 200, which is "0x000001", from the ID storing 
unit, and this becomes identifier 122. 

20 When the signature 123 is generated, the signature generating 

unit 103 connects the issue date 121 and the identifier 122 to form 
connected data Ca . Here , if the issue date 121 is DATE and the identifier 
122 is IDl, the connected data Ca is expressed as DATE||id1, where 
" II" indicates that data has been connected. The signature generating 

25 vinit 103 also reads off the secret key SKdd from the key storing 
unit 101, performs a digital signature algorithm Sig on the connected 
data Ca= DATE || IDl using the read- off secret key Skdd, and generates 
a digital signature SIG=Sig (SKdd, DATEflDl) . Here "Sig (SKdd, 



DATE||id1)" indicates a generation operation of performing Sig on 
DATE||idi using Skdd. 

Note also that the target data for the signature is not limited 
to the connection of the issue date 121 and the identifier 122 data. 
5 Other data may be targeted provided that the selected data is dependent 
on the data in the license. 

The signature generating unit 103 outputs the signature 123, 
the issue date 121, and the identifier 122 to the license issuing 
unit 106, where the signature 123 is SIG, the generated digital 
10 signature. 

Note also that a possible choice of the digital signature 
algorithm, Sig, is the finite field ElGaraal signature. Since the 
ElGamal signature is well-knovm, a description is omitted here. 
(4) License issuing unit 106 
15 The license issuing unit 106 generates the license 120 shown 

in FIG. 3. 

The license 120 is composed of the issue date 121 , the identifier 
122, and the signature 123. 

The issue date 121 shows the date on which the license 120 
20 is issued. 

The permitted-to-encrypt device identifier 122 is an ID for 
a device that is permitted to encrypt the content data stored in 
the content data storing unit 105 . 

The signature 123 is the digital signature generated by the 
25 signature generating \anit 103. 

The license issuing unit 106 receives the issue date 121, the 
identifier 122 and the digital signature 123 from the signature 
generating unit 103, and combines these to form the license 120. 



Further, the license issuing unit 106 reads off the content 
data stored in the content data storing imit 105, and transmits both 
the license 120 and the content data, as license information indicating 
that encryption processing of the content data is permitted, to the 
5 encryption device 200 via the transmission unit 107 
(5) Transmission unit 107 

The transmission unit 107 transmits the license information 
received from the license issuing unit 106 to the encryption device 
200. 

10 I 1.2 1. 2 Encryption device 200 

The encryption device 200 is constructed, as shovm in FIG. 
4 , from a reception unit 201, a key requesting unit 202 , an individual 
key storing unit 203, a certifier generating unit 204, a decryption 
\xnit 205, an encryption unit 206, a transmission unit 207, a license 
15 acquiring unit 208, an outsource processing unit 209, a recording 
xmit 210, an outsource destination ID storing unit 211, a content 
data storing unit 212, an input unit 213, and a display unit 214. 

The encryption device 200 is a conputer system similar to that 
of data distribution device 100. 
20 Each construction is described below. 

(1) Reception unit 201 and transmission unit 207 
The reception vnit 201 receives data from other devices. 
On receiving the license information from the data distribution 
device 100, the reception unit 201 stores the content data included 
25 in the license information in the content data storing unit 212 and 
outputs the license 120 to the license acquiring unit 208. 

Further, on receiving the encrypted key data from the key 
distribution device 400, the reception unit 201 outputs the encrypted 



key data to the decryption unit 205. 

The transmission vinit 207 transmits data to other devices. 

On receiving key request information that includes the license 
120 from the key requesting unit 202, the transmission unit 207 
5 transmits the key request information to the key distribution device 
400. Further, on receiving outso\arce information that includes a 
renewed license from the outsoiarce processing unit 209, the 
transmission unit 207 transmits the outsource information to the 
encryption device 300. 
10 (2) Individual key storing unit 203 

The individual key storing unit 203 stores an individual key 
Kl, which is particular to the encryption device 200. 

(3) Outsource destination ID storing unit 211 

The outsource destination ID storing unit 211 stores the ID 
15 identifying the destination encryption device to which the encryption 
of the content data is to be outsourced . Here , the outsource destination 
ID storing unit 211 stores"0x000002" as the ID for the encryption 
device 300. 

(4) Content data storing unit 212 

20 The content data storing unit 212 stores the content data 

received by the reception unit 201 from the data distribution device 
100. 

(5) License acquiring unit 208 

The license acquiring unit 208 acquires the license 120 received 
25 by the reception vinit 201 from the data distribution unit 100, and 
also receives instruction information, which depends on input from 
a user, from the input unit 213. If the instruction information 
indicates that the encryption processing of the content data is to 



be performed in the encryption device 200, the license acquiring 
unit 208 outputs the license 120 to the key requesting unit 202. 
If, on the other hand, the encryption processing is to be outsourced 
to another device, the license acquiring unit 208 outputs the license 
5 120 to the verifier generating imit 204 . 

(6) Key requesting unit 202 

The key requesting unit 202 receives the license 120 from the 
license acquiring unit 208, generates the key request information 
that includes the received license 120 and indicates that key data 
10 is being requested, and transmits the key request information to 
the key distribution device 400 via the transmission unit 207. 

(7) Decryption unit 205 

The decryption unit 2 05 receives the encrypted key data received 
by the reception unit 201 from the key distribution device 400, and 

15 reads off the individual key Kl from the individual key storing unit 
203. Using the read-off individual key Kl, the decryption unit 205 
performs a decryption algorithm Dl on the encrypted key data, and 
generates the plaintext key data. Here, the decryption algorithm 
Dl performs a process that is the inverse of the encryption algorithm 

20 El used by the key distribution device 400 to encrypt the key data. 
One example of a possible encryption algorithm El is DES . Since DES 
is well-known, a description is omitted here. 

The decryption unit 205 outputs the generated key data to the 
encryption unit 206. 

25 (8) Encryption lanit 206 

The encryption unit 2 06 receives the key data from the decryption 
unit 205 , and reads off the content data from the content data storing 
unit 212. Using the received key data, the encryptionunit 206 performs 



the encryption algorithm El on the content c3ata , encrypting the content 
data to generate encrypted content data. 

The encryption unit 206 outputs the encrypted content data 
it has generated to the recording unit 210. 
5 (9) Recording vmit 210 

On receiving the encrypted content data from the encryption 
unit 206, the recording unit 210 writes the encrypted content data 
onto a DVD 500. Note that the recording medium is not necessarily 
a DVD . The encrypted data may be recorded onto any portable recording 
10 medium, possible examples being a CD or a BD (Blu-ray Disc) . 

(10) Certifier generating unit 204 

The certifier generating unit 204 generates the renewed license 
130 of FIG. 5 by renewing the license 120 of FIG. 3. The renewed 
license 130 is generated by adding, to the license 120 of FIG. 3, 
15 an identifier 124 for the outsource destination encryption device 
and a certifier 125 that depends on the outsource source encryption 
device . 

The identifier 124 is an ID for the destination encryption 
device to which the encryption processing is to be outsourced. Here, 

20 it is the ID for the encryption device 300 . The certifier generating 
unit 204 reads off the identifier for the encryption device 300, 
the outsource destination, which is "0x000002", and this becomes 
the identifier 124 . 

Further, the certifier 125 is a (Message Authentication Code: 

25 MA.C) certifier generated using the issue date 121, the ID 122, the 
signatxire 123, 3ind the ID 124. The certifier generating vinit 204 
extracts the issue date 121, the ID 122, and the signature 123, pieces 
of data which are included in the license 120 , and connects the pieces 



of extracted data and the identifier 124 to form connected data C!b. 

If the issue date 121 is DATE, the identifier 122 is IDl, the 
signature 123 is SIG, and the identifier 124 is ID2, the connected 
data Cb is expressed as DATE||idi||sig||iD2. Further, the certifier 
5 MAC is generatedby reading of f the individual key Kl from the individual 
key storing unit 203, and using the individual key Kl, performing 
a certifier generating algorithm Mac on the connected data Cb where 
MAC=Mac{Kl,DATE||lDl||siG|lD2) . Here, Mac (Kl, DATE || IDl | SIG ||lD2) 
indicates the operation of performing Mac on DATE || IDl ||sig||iD2 using 
10 Kl. 

Note that the data targeted for certifier generation need not 
be limited to the connected data Cb, but may be any data dependent 
on the elemnents of the connected data Cb. Note also that since the 
certifier generation algorithm is contained in Non-patent Document 
15 1 and Non-patent document 2 and is well known, a description is omitted 
here. 

With the generated certifier MAC as the certifier 125, the 
certifier generating unit 204 generates the renewed license 130 by 
adding the identifier 124 and the certifier 125 to the license 120, 
20 and outputs the renewed license 130 to the outsource processing unit 
209. 

(11) Outsource processing unit 209 

The outsource processing unit 209 receives the renewed license 
130 from the certifier generating unit 204, and reads off the content 
25 data from the content data storing unit 212 . The outsource processing 
vmit 209 generates the outsource information, which includes the 
content data and the renewed license 130, and which indicates that 
the encryption of the content data is to be outsourced. The outsource 



processing unit 209 outputs the outsource information to the 
encryption device 300 via the transmission unit 201 . 

(12) Input unit 213 and display unit 214 

The input unit 213 receives input according to user operation, 
5 and outputs what it has received to the license acquiring unit 208 
as the instruction information. 

Display unit 214 displays the results based on the notification 
information. 

1.3 Encryption device 300 
10 The encryption device 300 is constructed, as shown in FIG. 

6 , from a reception unit 3 01 , a key requesting unit 3 02 , an individual 
key storing unit 303, a decryption unit 305, an encryption unit 306, 
a transmission unit 307, a license acquiring unit 308, a recording 
unit 310, a content data storing unit 312, an input unit 313, and 
15 a display unit 314. 

The encryption device 300 is a computer system similar to the 
encryption device 200. 

(1) Reception vxxlt 301 and transmission unit 307 

On receiving the outsource information from the encryption 
20 device 200, the reception unit 301 stores the content data included 
in the outsource information in the content data storing unit 312, 
and outputs the renewed license 130 to the license acquiring unit 
308. 

Further, on receiving the encrypted key data from the key 
25 distribution device 400, the reception unit 301 outputs the received 
encrypted key data to the decryption unit 305. 

On receiving the key request information including the renewed 
license 130 from the key requesting unit 302, the transmission unit 



307 transmits the received key request infomnation to the key- 
distribution device 400. 

(2) Individual key storing unit 303 

The individual key storing unit 303 stores an individual key 
5 K2, which is particular to encryption device 300. 

(3) Content data storing unit 312 

The content data storing unit 312 stores the content data 
included in the outsource information that is received from the 
encryption device 200 by the reception unit 301. 
10 (4) License acquiring unit 308 

The license acquiring unit 308 acquires the renewed license 
130 received from the encryption device 200 by the reception unit 
301, and depending on the instruction information from the input 
unit 313, outputs the renewed license 130 to the key requesting unit 
15 302. 

(5) Key requesting unit 302 

On receiving the renewed license 130 from the license acquiring 
unit 308, the key requesting unit 302 generates the key request 
information, which includes the renewed license 130 and indicates 
20 that key data is requested. The key requesting unit 302 transmits 
the key request information to the key distribution device 400 via 
the transmission unit 307. 

(6) Decryption unit 305 

The decryption unit 305 accepts the encrypted key data received 
25 from the key distribution device 400 by the reception unit 301, reads 
off the individual key K2 from the individual key storing unit 303, 
decrypts the encrypted key data by performing a decryption algorithm 
Dl on the encrypted key data using the individual key K2 , and generates 



the key data. The decryption unit 305 outputs the generated key data 
to the encryption unit 306. 

(7) Encryption imit 306 

The encryption unit 306 receives the key data from the decryption 
5 unit 305, reads off the content data from the content data storing 
unit 312, and generates encrypted content data by performing an 
encryption algorithm El on the content data using the received key 
data . The encryption unit 306 outputs the generated encrypted content 
data to the recording unit 310 . 
10 (8) Recording unit 310 

In a manner similar to the recording unit 210, on reception 
of the encrypted content data from the encryption unit 306, the 
recording unit 310 records the encrypted content data onto a DVD 
600. 

15 (9) Input unit 313 and display unit 314 

The input unit 313 receives input dependant on the operations 
of the user, and outputs what it has received to the license acquiring 
unit 308 as instruction information. 

The display unit 314 displays results based on notification 
20 information received from the reception unit 301. 
1. 4 Key distribution device 400 

The key distribution device 400 is constructed, as shown in 
FIG. 7, from a reception unit 401, a verification key storing unit 
402, a signature verifying unit 403, an individual key storing unit 
25 404, a certifier verifying unit 405, a key generation judging unit 
406, akey generating imit 407, an encryption vinit 408, a transmission 
unit 409, a renewal judging unit 410, and a notification unit 411. 

The key distribution system 400 is a computer system similar 



to that of data distribution device 100. 

(1) Reception vmit 401 

The reception unit 401 receives the key request information 
from the encryption device 200 and the encryption device 300, and 
5 outputs the received key request information to the renevTal judging 
unit 410. 

(2) Renewal judging unit 410 

The renewal judging unit 410 judges whether or not the license 
included in the key request information has been renewed, a judgment 

10 that can, for example, be made based on the data size of the received 
license data. If, for example, for the licenses shown in FIG. 3 and 
FIG. 5, the issue date 121 is 2 bytes, the permitted device identifier 
122 is 2 bytes, and the signature 123 is 40 bytes, the data size 
of the received license is 44 bytes, and the license is judged as 

15 not renewed. If, on the other hand, the data size is more than 44 
bytes, the license is judged as renewed. 

Where the license is judged as not renewed, the renewal judging 
unit 410 outputs the license 120 to the signature verifying unit 
403. Where, on the other hand, the license is judged as renewed, 

20 the renewal judging unit 410 outputs the renewed license 130 to both 
the signature verifying unit 403 and the certifier verifying unit 
405. 

(3) Verification key storing unit 402 and signature 
verifying unit 403 

25 Verification key storing unit 402 stores a verification key 

PKdd, which is a pxiblic key corresponding to the secret key SKdd 
that is stored by the data distribution device 100. 

The signatvire verifying unit 403 verifies the signature 123 



included in the license 120 and the renewed license 130. 

The signature verifying unit 403 extracts the issue date 121 
and the identifier 122, which are included in both the license and 
the renewed license, and connects them in the stated order to form 
5 connected data Ca' . Further, the signatvire verifying unit 403 reads 
off the verification key PKdd from the verification key storing unit 
402 , and verifies the signature by performing a signature verification 
algorithm V on the signature 123 using the read-off verification 
key PKdd and the connected data Ca' . Here, the signature verification 

10 algorithm V is based on the ElGammal signatvire formula, and enables 
the verification of digital signature data generated using the digital 
signature algorithm Sig. 

The digital signatxure verifying unit 403 outputs the 
verification result to the certifier verifying imit 405 and the key 

15 generation judging unit 406. 

(4) Individual key storing unit 404 

The individxaal key storing unit 404 stores the individual key 
correspondence table 140 shown in FIG. 8. 

The individual key correspondence table 140 is constructed 

20 I by listing the IDs ID' a for the various encryption devices that make 
up system 1 in correspondence with the individual keys for the various 
encryption devices. Here, for the encryption devices 200 and 300, 
the ID of the encryption device 200, which is "0x000001" , corresponds 
to the individual key Kl, and the ID of the encryption device 300, 

25 which is "0x000002", corresponds to the individual key K2. 

(5) Certifier verifying unit 405 

The certifier verifying unit 405 receives the renewed license 
130 from therenewaljudgingunit 410. Further, the certifier verifying 



unit 4 05 receives the verification result from the signature verifying 
unit 403, and where the verification result indicates a successful 
verification, checks whether or not the certifier 125 included in 
the renewed license 130 is legitimate. 
5 On receiving the renewed license 130 from the renewal judging 

unit 410, the certifier verifying unit 405 extracts the issue date 
121, the identifier 122, the signature 123, and the identifier 124, 
and connects them to form connected data Co' . Further, referring 
to the individual key correspondence table 14 0 stored in the individual 

10 key storing unit 404, the certifier verifying unit 405 selects and 
reads off the individual key corresponding to the outsource 
destination encryption device ID, which is identifier 124. Here, 
the certifier verifying unit 405 reads off the individual key K2, 
which corresponds to the ID for enciryption device 300. 

15 Using the individual key K2, the certifier verifying unit 405 

performs certifier generation algorithm Mac on the formed connected 
dataC33' to generate a certifier MAC ' , compares MAC with the certifier 
125 included in the renewed license, and checks whether or not the 
two are identical. If the two are identical then certifier 125 is 

20 judged to be legitimate, and if they are not identical, certifier 
125 is judged to be illegitimate. 

Further, the certifier verifying xmit 405 outputs this result 
as a certification result to the key generation judging unit 406. 
(6) The key generation judging unit 406 

25 In the case that the license is judged as not renewed, the 

key generation judging unit 406 receives the verification result 
from the signature verifying unit 403, and where the verification 
result indicates a successful verification, the key generation j udging 



unit 406 outputs a judgment result indicating that the key data is 
to be generated to the key generating unit 407. Where, on the other 
hand, the verification result indicates a verification failure, the 
key generation judging \jnit 406 outputs the judgment result indicating 
5 that the key data cannot be generated to notification unit 411. 

In the case that the license is judged as renewed, and where 
the verification result from the signature verifying unit 403 
indicates a verification failure, the key generation judging unit 
406 outputs the judgment result to the notification unit 411 in much 

10 the same way as described above. Where, on the other hand, the 
verification result from the signature verifying unit 403 indicates 
a successful verification, the key generation judging unit 406 
receives the certification result from the certifier verifying unit 
405, and if the certification result indicates legitimacy, outputs 

15 the judgment result indicating that key data is to be generated to 
the key generating unit 407 . If, on the other hand, the certification 
result from the certifier verifying unit 405 indicates illegitimacy, 
the key generation jijdging 406 unit outputs the judgment result 
indicating that key data cannot be generated to the notification 

20 unit 411. 

(7) Key generating unit 407 

On receiving the judgment result indicating that key data is 
to be generated from the key generation judging unit 406, the key 
generating imit 407 generates key data to be used for encrypting 
25 the content data, and outputs the generated key data to the encryption 
unit 408. 

(8) Notification unit 411 

On receiving the j udgment result from the key generation j udging 



unit 406, the notification unit 411 generates the notification 
information indicating that the key data cannot be generated, and 
transmits the generatednotif ication information via the transmission 
\anit 409 to the encryption device that was the so\arce of the request 
5 for the key data. 

(9) Encryption unit 408 

The encryption unit 408 receives the key data from the key 
generating unit 407, and also one of the license 120 and the renewed 
license 130 from the renewal judging unit 410. 

10 If the license 120, which has not been renewed, is received, 

the encryption unit 408 reads off the individual key corresponding 
to the identifier 122 for the device permitted to encrypt from the 
individual key correspondence table 140, which is stored in the 
individual key storing unit 404. If, on the other hand, the renewed 

15 license 130 is received, the encryption unit 408 reads off the 
individual key corresponding to the identifier 124 for the outsource 
destination encryption device from the individual key correspondence 
table 140. 

Using the read-off individual key, the encryption tonit 408 
20 performs the encryption algorithm El on the key data, encrypts the 
key data to generate the encrypted key data, and outputs the encrypted 
key data to the transmission unit 409. 

(10) Transmission unit 409 

The transmission unit 409 receives the notification 
25 information from the notification unit 411 , and transmits the received 
notification information to the encryption device that was the source 
of the request. Further, the transmission unit 409 receives the 
encrypted key data from the encryption unit 408, and transmits the 



received encrypted key data to the encryption device that was the 
source of the request. 

2. Operation of key distribution system 1 
The operation of the various devices that make up system 1 
5 is described below. 

2.1 Operation of data distribution device 100 

The operation of data distribution system 1 when issuing 
licenses is described with reference to FIG, 9. 

The signature generating unit 103 acquires the current date 

10 and time from the clock unit 104 and generates issue date 121, reads 
off the ID of the device permitted to encrypt the content data from 
the ID storing unit 102 as the identifier 122, and connects these 
data to form the connected data Ca. Further, the signature generating 
unit 103 reads off the secret key SKdd from the secret key storing 

15 unit 101 . Using the read-off secret key SKdd, the signatiare generating 
unit 103 generates the signature 123 for the connected data Ca (Step 

5701) and outputs the generated signature 123, the issue date 121 
and the identifier 122 to the license issuing unit 106. 

The license issuing unit 106 generates the license 120 from 
20 the issue date 121, the identifier 122 and the signature 123 (Step 

5702) , reads off the content data from the content data storing unit 
105 (Step S703) . Further, the license issuing unit 106 generates 
the license information including the license 120 and the content 
data, and transmits the license information to the encryption device 

25 200 (Step S704) via the transmission unit 107, thus completing the 
license issuing process. 

2.2 Operation of encryption device 200 

On receiving the license information from the data distribution 



device 100, the encryption device 200 performs the following 
processing in accordance with the user instruction information from 
the input unit 213 . The case where the encryption device 200 performs 
the enciryption processing and the case where the encryption device 
5 200 outsources the encryption processing to the encryption device 
300 are described below. 

(1) In the case that encryption processing is perfoiroed 
The case where the encrypt ion device 200 performs the encryption 
processing is described with reference to FIG. 10. 
10 The license acquiringxanit 208 receives the license 12 0 received 

by the input unit 201, outputs the license 120 to the key requesting 
unit 202 in accordance with the instruction information from the 
input unit 213 , and stores the content data in the content data storing 
unit 212. 

15 The key requesting unit 202 generates the key request 

information including the license 120, and transmits the key request 
information via the transmission unit 207 to the key distribution 
unit 400 (Step S711) . 

On receiving the encarypted key data from the key distribution 
20 unit 400 (YES instep S712) , the receptionunit201outputs the encrypted 
key data to the decryption unit 205. 

The decryption unit 205 reads off the individual key Kl from 
the individual key storing unit 203, decrypts the encrypted key data 
using the read-off key Kl to generate the key data (Step S713) , and 
25 outputs the generated key data to the encryption unit 206. 

The encryption unit 206 receives the key data, reads off the 
content data from the content data storing unit 212, and encrypts 
the read off content data using the key data to generate the encrypted 



content data (StepS7l4) . Theencryptionunit 206 outputs the generated 
encrypted content data to the recording unit 210 . 

The recording unit 210 records the encrypted content data onto 
the DVD 500 (Step S715) , and in so doing completes the processing. 
5 Note that, in step S712, where notification information is 

received instead of the encrypted key data from the key distribution 
device 400 (NO in Step S712) , the display unit 214 displays a result 
indicating the key data cannot be acquired (Step S716 ) . This completes 
the processing. 

10 Note also that, where it is the encryption device 300 that 

encrypts the content data, having received the renewed license, the 
processing is similar to that described above. 

(2) Where encryption processing is outsourced 
The operation of the encryption device 200 in the case where 
15 the encryption device 300 is outsourced the encryption processing 
is described with reference to FIG. 11. 

Where the instruction information from the input unit 213 
indicates that the encryption processing is to be outsourced, the 
license acquiring unit 208 outputs the license 120 to the certifier 
20 generating unit 204 . 

The certifier generating vnit 204 reads off the individual 
key Kl from the individual key storing unit 203, reads off the ID 
of the outsource destination encryption device 300 from the outsource 
destination ID storing unit 211, and extracts the issue date 121, 
25 the identifier 122, and the signature 123 from the license 120. With 
the outsource destination identifier ID as identifier 124, the 
certifier generating unit 204 forms the connected data Cb by connecting 
the identifier 124 and the extracted data, and using the individual 



key Kl, generates a certifier 125 for the connected data C3d (Step 
S721) , The certifier generating unit 204 generates the renewed license 
130 by adding the identifier 124 and the certifier 125 to the license 
120 (Step S722) , and outputs the generated renewed license to the 
5 outsource processing xmit 209. 

The outsource processing unit 209 receives the renewed license 
130, reads off the content data from the content data storing unit 
212, generates the outsoiirce information that includes the renewed 
license 130 and the content data, and outputs the outsource information 
10 to the encryption device 300 (Step S723) . This completes the 
processing . 

2.3 Operation of key distribution device 400 
The operation of the key distribution device 400 is described 
with reference to FIG. 12 and FIG. 13. 

15 On reception of a license by the reception vinit 401 (Step 

S741) , therenewal judging unit 410 judges, as described above, whether 
or not the license has been renewed (Step S742) . Where the license 
has not been renewed (NO in step S743) , the renewal judging unit 
410 outputs the license to the signature verifying unit 403. 

20 The signature verifying unit 403 receives the license, and 

reads off the verification key PKdd from the verification key storing 
unit 402. Further, the signature verifying unit 403 extracts the 
issue date 121 and the identifier 122 from the license, connects 
them to form connected data Ca' , verifies the signature 123 using 

25 the connected data Ca' and the verification key PKdd (Step S744) , 
and outputs the verification result to the key generation judging 
vinit 406. 

Where the received verification result indicates that 



verification has been successful (Step S745) , the key generation 
judging unit 406 judges in favor of generating the key data (Step 
S746) , and outputs the instruction information instructing the key 
generating unit 407 to generate the key data. 
5 On receiving the instruction information, the key generating 

unit 407 generates the key data (Step S747) , and outputs the generated 
key data to the encryption unit 408. 

The encryption unit 408 receives the key data, receives the 
license from the renewal judging unit 410, selects the individual 

10 key corresponding to the identifier 122 in the received license from 
the individual key storing unit (Step S748) , encrypts the key data 
using the selected individual key (Step S749) , and outputs the 
generated encrypted key data to the transmission unit 409. The 
transmissionunit 409 tranmits the encryptedkey data to the encryption 

15 device that was the source of the request for the key data (S750) . 

Where, on the other hand, the signature verification result 
of Step S744 indicates that verification has failed (NO in Step S745) , 
the key generation judging unit 406 judges against generating the 
key data (Step S751) , and outputs the instruction information 

20 instructing the notification unit 411 to provide notification of 
this result. 

On receiving the instruction information, the notification 
unit 411 generates the notification information indicating that the 
generation of key data is not possible, and via the transmission 
25 unit 409, transmits the notification information to the encryption 
device that was the source of the request for the key data (Step 
S752) . 

Where, in Step S743, the license is judged to be renewed (YES 



in Step S743 ) , the renewal judgingunit 410 outputs the renewed license 
to the signature verifying unit 403 and to the certifier verifying 
unit 405. 

In a similar way to Step S744, the signatxire verifying unit 
5 403 verifies the signature (Step S761) , and outputs the verification 
result to the key generation judging unit 406 and the certifier 
verifying unit 405. 

Where the signature verification result indicates a successful 
verification (YES in Step S762) , the certifier verifying unit 405 

10 reads off the individual key corresponding to the outsource 
destination identifier 124 included in the renewed license from the 
individual key storing unit 404 . Further, the certifier verifying 
unit 405 extracts the issue date 121, the identifier 122 , the signature 
123, and the identifier 124 from the renewed license, connects them 

15 to form connected data di' , verifies the certifier 125 of the renewed 
license using the connected data Co' and the individual key (Step 
S763) , and outputs the verification result to the key generation 
judging tinit 406. Note that where the signatiore verification result 
indicates that verificationhas failed (NOinStepS762) , the certifier 

20 verifying unit 405 does not perform verification. 

Where the certifier verification result indicates a successful 
verification (YES in Step S764) , the key generation judging unit 
406 judges in favor of generating the key data (Step S765) , and outputs 
the instruction information instructing the key generating unit 407 

25 to generate key data. 

On receiving the instruction information, the key generating 
unit 407 generates the key data (Step S766) , and outputs the key 
data to the encryption unit 408. 



The encryption imit 408 acquires the renewed license, and 
selects the individual key corresponding to the outsource destination 
identifier 124 from the individual key storing unit 404 (Step S767) . 
The encryption unit 408 encrypts the key data using the selected 
5 individual key, generates the encrypted key data (Step S768) , and 
outputs the encrypted key data to the transmission unit 409. 

The transmission unit 409 transmits the encrypted key data 
to the encryption device that was the source of the request for key 
data (Step S769) . This completes the processing. 

10 Where, the signature verification result indicates that 

verification has failed (NO in Step S762) , and alternatively, where 
the signature verification result indicates a successful verification, 
but the certifier verification result indicates that verification 
has failed (NO in Step S764) , the key generation jiidging unit 406 

15 judges against generating the key data (Step S751) , and the 
notification unit 411 transmits the notification information to the 
encryption device via the transmission \mit 409 (Step S752) . This 
completes the processing. 

2.4 Operation of key distribution system 1 as a whole. 

20 The case where the encryption device 200 outsources encryption 

processing to the encryption device 300 is described below with 
reference to FIG. 14. 

The data distribution device 100 generates the license that 
includes the signature data, and transmits the license together with 

25 the content data to the encryption device 200 as the license information 
(Step S781) . The encryption device 200 receives the license 
information, generates a certifier for the license and the outsource 
destination encryption device ID \ising the individual key Kl, and 



renews the license (Step S782) . The encryption device 200 transmits 
the outsource information that includes the renewed license and the 
content data to the encryption device 300 (Step S783) . 

The encryption device 300 receives the outsource information, 
5 and transmits the key request information that includes the renewed 
license to the key distribution device 400 (Step S784) . 

The key distribution device 400 receives the key request 
information, and verifies whether or not the signature and the 
certifier contained in the renewed license are legitimate (StepS785) . 

10 Where either verification result indicates that verification has 
failed (NO in Step S786) , the processing ends without the key being 
distributed. Where, on the other hand, the verification results 
indicate successful verification (YES in Step S786) , the key 
distribution device 400 generates the key data, encrypts the key 

15 data using the individual key for encryption device 300 to generate 
the encrypted key data, and transmits the generated encrypted key 
data to encryption device 300 (Step S787) . 

On receiving the encrypted key data, the encryption device 
300 decrypts the encrypted key data us ing its individual key to generate 

20 the key data. Further, the encryption device 300 encrypts the content 
data using the generated key data to generate encrypted content data 
(Step S789) , and records the generated encrypted content data onto 
a recording medium (Step S790) . This completes the processing. 
3 . Other modifications 

2 5 Note that though the present invention has been described based 

one the embodiment described above, the present invention is not, 
of course, limited to this embodiment. The present invention also 
includes the modifications of the type described below. 



(1) In the above embodiment, the encryption device 200 
performs the encryption processing of the content data itself, or 
outsources the encryption processing to the encryption unit 300. 
However, the encryption processing may be performed in both the 

5 encryption device 200 and the encryption device 300. 

For example, where a large number of recording media are to 
be used to record the encrypted content data, the encryption device 
200, generates a renewed license and outsources a proportion of the 
recording to the encryption device 300, and acquires the key data 

10 from the key distribution unit 400. Both the encryption device 200 
and the encryption device 300 encrypt content data using the key data, 
and record the encrypted content data onto recording media, the 
encryption device 300 being outsourced encryption processing using 
the renewed license and acquiring the key data from the key distribution 

15 device in a similar manner to the encryption device 200. 

If this is the case, the key distribution unit 400 does not 
deal with the encryption devices exclusively, distributing, for 
instance, the key data to one device and not the other. Instead, both 
when it receives the license, and when it receives the renewed license, 

20 the key distribution unit 400 performs verification, as in the above 
embodiment, and distributes the key data to the relevant device. 

(2) In the above embodiment, the encrypted content is recorded 
onto DVD 600 and DVD 500 but the content data may instead be distributed 
to the user via a network. 

25 (3) In the above embodiment, the encryptiondevice 200 generates 

a certifier for the connected data Cb using an individual key Kl. 
However, a digital signature instead of a certifier may be generated, 
and used in the renewal of the license. If this is the case, the 
31 



key distribution device 400 holds a verification key to verify the 
signature generated by the encryption device. 

(4 ) The data distribution device 100 may add a certifier instead 
of the signature to the license. If this is the case, the data 
5 distribution device 100 holds an individual key particular to the 
relevant device, and generates the certifier using the individual 
key. Further, the key distribution device 400 holds an individual 
key identical to the individual key held by the data distribution 
device, and verifies the certifier instead of the signature. 

10 (5) In the above embodiment, the various encryption devices 

each hold separate individual keys . However, the present invention 
is not limited to such a construction. A construction may be used 
in which a plurality of encryption devices making up a group hold 
a common group key, a certifier being generated based on the group 

15 key. 

If this is the case, the key distribution device holds the 
group key and information to identify the devices making up the group, 
and uses the group key instead of the individual keys of the above 
embodiment . 

20 (6) The above embodiment is described with only the encryption 

device 200 being permitted to perform encryption processing, and 
with the encryption device 300 as the only outsource destination 
device. However, the present invention is not limited to such a 
construction . 

25 For example , a plurality of devices may be permitted to perform 

I encryption processing, and a plinrality of encryption device IDs ID' a 
recorded in the license. Another possibility is that a plurality 
of encryption devices may be outsourced encryption processing, and 



a plurality of IDs ID'a recorded in the renewed license as outsource 
destination IDs ID' o . 

( 7 ) Decryption devices may be provided instead of encryption 

devices . 

5 If this is the case, the encrypted content data is distributed 

from the data distribution device, and a decryption device with 
permission to decrypt transmits a license to the key distribution 
device in the same way as for the encryption processing. The key 
distribution device performs signature verification in the 

10 substantially the same way as for the embodiment, and distributes 
the key data for decrypting the encrypted content data . The decryption 
device that has acquired the key data, decrypts the encrypted content 
data using the key data, and generates the plain text content data, 
which can then be used. 

15 Further, where the decryption of the encrypted content data 

is to be outsourced, the license is renewed in the same way as for 
the outsourcing of encryption processing, and the decryption 
processing outsourced in the same way as for the encryption processing . 
{ 8 ) The encryption device 200maybe realizedas anLSl integrated 

20 circuit having functions similar to the ones described above. 

The various functions may be performed by separate chips. 
Alternatively, some or all of the functions may be integrated onto 
a single chip. 

Note that though LSI is used here, the circuit may be variously 
25 described as IC, system LSI, super LSI or ultra LSI depending on 
the level of integration. 

Note also that the technique used to make an integrated circuit 
for the encryption device 200 does not have to be LSI . A special -purpose 



circuit or general -purpose processor may be used instead . LSI circuits 
whose configurations can be altered after production such as the 
programmable FPGA (Field Programmable Gate Array) or a reconf igurable 
processorwhose circuit cell connections and settings are configurable 
5 may also be used. 

Moreover, if, due to progress in the field of semiconductor 
technology or the derivation of another tedhnology, a technology 
to replace LSI emerges, that technology may, as a matter of course, 
be used to integrate the functional block. The use of biotechnology, 
10 and the like is considered to be a possibility. 

(9) Note that the outsourced processing may be further 
outsourced from the outsource destination encrypt ion device toanother 
encryption device. If this is the case, much as for the encryption 
device 200, the encryption device 300 includes a verifier generating 
15 unit, an outsource processing mit, and an outsource destination 
ID storing unit, and further renews the renewed license received 
from the encryption device 200, 

As shown in FIG. 17 , the verifier generating unit of encryption 
device 300 further adds an identifier 126 for the device of the further 
20 outsource destination and further generates a certifier 127 using 
an individual key. The certifier 127 is generated for the issue date 
121, the identifier 122, the signature 123, the identifier 124 and 
the certifiers 125 and 126, much as in the encryption device 200. 
The generated certifier 127 is added to generate a renewed 
25 license 150, and the renewed license 150 is transmitted together 
with the content data to the outsource destination encryption device . 

The outsourced encryption device transmits the renewed license 
150 to the key distribution device 400 as in the embodiment. 



The key distribution device 4 0 0 j udges whether or not the license 
has been renewed and if so, how many renewals have taken place. One 
way this can be achieved is by judging from the data size as in the 
embodiment. As in the embodiment, where in the renewed license, the 
5 outsource destination encryption device identifier 124 is 2 bytes 
long and certifier 125 is 16 bytes long, if the received license 
is 62 bytes, it is judged to have been renewed only once. Further, 
if the renewed license is 80 bytes, it possible to judge that it 
has been renewed twice. 

10 Note that where multiple renewal of the license is being 

performed, for each renewal, thekeydistributiondevice400 reselects 
the individual keys that are individually held in each of the various 
encryption devices, verifies the various certifiers, and encrypts 
the key data using the individual key that is individually held by 

15 the encryption device having the last indicated outsoiirce destination 
ID. 

(10) In the embodiment, the content data is transmitted between 
the various devices as plain text , but the content data maybe encrypted 
before being transmitted. Note that since the encryption techniques 

20 for this transmissioncanbeachievedusinganyofnxmiberof well-known 
techniques, a description is omitted here. 

(11) When the outsource source device outsources processing 
to another device, the outsource source device needs to confirm the 
legitimacy of the other device, and hence performs apparatus 

25 authentication with the other device. Where the outsoiarce source 
device judges the other device to be legitimate, it outsources the 
processing. Note that since the apparatus authentication can be 
achieved using any of a niimber of well-known techniques , a description 



is omitted here. 

(12) When transmitting the key data to the encryption device, 
the key distribution device 400 encrypts the key data using the 
individiial key of the transmission destination, and transmits the 

5 encrypted key data. However the present invention is not limited 
to this method. For example, instead of the individual key, a public 
key corresponding to a secret key held by the transmission destination 
encryption device may be used. Alternatively, apparatus 
authentication and common key processing may be carried out between 
10 the key distribution device 400 and the transmission destination 
encryption device, a session key only valid for the duration of a 
session supplied to the transmission destination encryption device, 
and the key data encrypted using the session key. 

(13 ) The present invention may be the methods indicated above . 
15 Further, these methods may be a computer program executed by a computer 

and further be the digital code of the computer program. 

Further, the present invention may be the above-mentioned 
computer program and the digital code recorded onto a recording medium 
that can be read by a computer. Examples of such recording media 
20 include, flexible disk, hard disk, CD-ROM, MO, DVD-ROM, DVD-RAM, 
BD (Blu-ray Disc), semiconductor memory and the like. 

Further, the present invention may be realized such that the 
computer program and the digital code are transmitted across 
telecommunications networks , wired and wireless, such as the Internet 
25 and the like. 

Further, the present invention may be a computer system having 
a microprocessor and a memory, the memory holding the above-mentioned 
computer program and the microprocessor performing operations 



according to the computer program. 

Further, the computer program and the digital code may be 
installed on an independent computer system by either recording the 
digital code one of the recordingmediumand transferring the recording 
5 mediijm, or transferring the computer program and digital code via 
one of the networks. 

(14) The present invention may include various combinations 
of the embodiment and the modifications. 

10 4 . Summary 

As described above , the present invention includes an outsource 
source encryption device that has permission to encrypt content 
received from a content distribution device and outsources encryption 
of the received content to an outsource destination encryption device , 

15 the outsoijrce source encryption device including: a receiving unit 
operable to receive first license information proving that the 
outsource source encryption device has permission from the content 
distribution device to use the content; a generating unit operable 
to generate second license information that includes the received 

20 first license information and proves that encryption of the content 
has been outsourced to the outsource destination encryption device; 
and a transmission imit operable to transmit the generated second 
license information together with the received content to the 
outsource destination encryption device. 

25 The present invention further includes a key distribution 

device that distributes key data used in encryption of content to 
encryption devices, the key distribution device including: an 
acquiring unit operable to acquire second license information that 



includes first license information proving that the first encryption 
device is permitted to use the content and proves that encryption 
of the content has been outsourced from a first encryption device 
to a second encryption device ; a j udging unit operable to j udge whether 
5 or not the second license information was generated by the first 
encryption device; and a transmission unit operable to transmit the 
key data to the second encryption device if a result of the judgment 
is in the af f irrnative . 

The present invention further includes a key distribution 

10 system that distributes key data for using content, the key 
distribution system including : an outsource source encryption device 
operable to receive first license information proving that the 
outsource source encryption device is permitted to use the content, 
generate second license information that includes the first license 

15 information and proves that encryption of the content has been 
outsourced to an outsource destination device, and transmit the 
generated second license information together with received content 
to the outsource destination encryption device; an outsource 
destination encryption device operable to receive the second license 

20 information together with the content, transmit the received second 
license information to a key distribution device and receive the 
key data from the key distribution device; and a key distribution 
device operable to receive the second license information, judge 
whether or not the second license information was generated by the 

25 first encryption device, and transmit the key data to the second 
encryption device when the judgment is in the affirmative. 

With this construction, the first encryption device is verified 
for use of the content via the first license information, and the 



outsourcing of use of the content from first encryption device to 
the second encryption device can be verified via the second license 
information. Hence, the key distribution device, which distributes 
keys, can judge whether or not the second encryption device has been 
5 legitimately outsourced use of the content, and distribute the key 
data accordingly. 

Here, the generating ixnit may use individual information 
particular to the outsource source encryption device to generate 
certification information based on the first license information, 

10 and the second license information may further include the 
certification information. 

Further, the second license information may include 
certif icationinfonnationgeneratedfor the first license information 
using individual inf ormationparticular to the first encryption device , 

15 and the j udging unit may hold verification information corresponding 
to the individual information, and judge using the verification 
information. 

With this construction, the key distribution device is able 
to judge whether or not the first encryption device generated the 
20 secondlicenseinformationbyverifying the certification information, 
because individiial information particular to the outsource source 
device is used. 

Here, the generating unit may generate the certification 
information based on identification information of the outsource 
25 destination encryption device and the first license information. 

Further, the certification information may be generated from 
the first license information and the identity information of the 
second encryption device. 



with this construction, it can be verified that the first 
encryption device, the outsource source, has outsourced content 
processing to the second encryption device because the certification 
information is generated using identity information identifying the 
5 outsource destination as the second encryption device. 

Here, the certification information may be a certifier 
generated using secret key encryption, and the individual information 
may be a secret key used in the secret key encryption. 

Further, the certification information may be a certifier 

10 generated using secret key encryption, the individual information 
may be a secret key used in the secret key encryption, the judging 
unit may generate the certifier by performing an algorithm in 
substantially the same way as the secret key encryption is performed 
on the first license information, and judge whether or not the generated 

15 certifier and a received certifier match, and when the generated 
and received certifiers match, judge that the second license 
information was generated by the first encryption device. 

Further, the certification information may be digital 
signature data generated using public key encryption, the individual 

20 information may be a secret key used in the public key encryption, 
the verification information may be a px±)lic key corresponding to 
the secret key, and the judging unit may perform verification on 
the digital signatiare data using the public key, and if a verification 
result indicates successful verification, judge that the second piece 

25 of license information was generated by the by the first encryption 
device . 

With this construction, it can be ascertained whether or not 
the first encryption device has generated the certifier information 



using the certifier or the digital signature. Hence it can be judged 
whether or not the first encryption device has outsourced the content 
processing. 

Here, the first license information may include certification 
5 information generated using individual information particular to 
the content distribution device. 

With this construction, it can be verified whether or not 
permission to use the content has beengivenby the content distribution 
device . 

10 Here, the certification information may be generated based 

on identity information of the outsource source encryption device . 

with this construction it can be verified, from the identity 
information of the source encrypt ion device, whether or not the content 
distribution device has permitted the outsource source encryption 
15 device to make use of the content. 

Here, the certification information may be a certifier 
generated using secret key encryption, aindthe individual information 
may be a secret key used in the secret key encryption. 

Further, the certification information may be digital 
20 signature data generated using public key encryption, and 

the individual infomnation may be a secret key of the public key 
encryption. 

With this construction, it can be verified whether or not the 
content distribution device has generated the license information, 
25 and ascertained whether or not the content distribution device has 
permitted the use of the content. 

Here, the receiving unit may further receive fourth license 
information that includes third license information proving that 



another encryption device has permission to use the content from 
a content distribution device and proves that the other encryption 
device has outsourced the encryption of the content to the outsource 
source encryption device, the generating unit may generate fifth 
5 license information that includes the fourth license information 
and proves that encryption has been outsourced to the outsource 
destination encryption device, and the transmission unit may 
transmit the fifth license information together with the content 
to the outsource destination encryption device. 

10 Here, the acquiring unit may further acquire third license 

information that includes the second license information and proves 
that the encryption of the content has been outsourced from the second 
encryption device to a third encryption device, the judging unit 
may further judge whether or not the third license information was 

15 generated by the second encryption device, and the transmission unit 
may further transmit the key data to the third encryption device 
if the judgment result is in the affirmative. 

With this construction, even when an outsoxirced encryption 
device further outsources use of the content to another encryption 

20 device, 

providing that the key distribution device can confirm that the 
outsourcing is legitimate , the key distribution device can distribute 
the key data. Hence, the various encryption devices can flexibly 
outsource use of the content as conditions require. 
2 5 With this construction , the key distribution device is flexible 

enough to carry out outso\ircing , even if processing has been outsourced 
to another encryption device by the encryption device to which 
processing was initially outsourced. This is because the key 



distribution device can distribute key data provided that it can 
ascertain that the processing has been legitimately outsourced. 

Here, the key distribution device, may further include an 
acquired information jvidging unit that judges which of the first 
5 license information and the second license Information the acquiring 
unit has received, wherein, the judging unit, whenthe judgment result 
from the acquired information judging unit indicates that the first 
piece of license information has been received, judges whether or 
not the first license information was generated by the content 

10 distribution device which distributes the content, and when the 
j vidgment result indicates that the second piece of license information 
has been received, judges whether or not the second license information 
was generated by the first encryption device, and the transmission 
unit, when the judgment result from the acquired information judging 

15 vmit indicates that the first license information has been received, 
transmits the key data to the first encryption device, and when the 
judgment result indicates that the second license information has 
been received, transmits the key data to the second encryption device . 
Further, the acquired information judging unit may judge that 

20 the first license information was received if the data size of the 
acquired information is less than or equal to a predetermined value, 
and judge that the second license information was received if the 
data size is greater than the predetermined value. 

With this construction, as well as distributing the key data 

25 when encryption is judged to have been outsourced, the key data can 
also be distributed when encryption of the content has not been 
outsourced, provided that the encryption device in question has 
permission to use the content. This makes the system more flexible. 



Here, the key distribution device may further include: a key 
holding unit operable to hold an individual key also held by the 
second encryption device, the individual key being particular to 
the second encryption device; and an encryption unit operable to 
5 encrypt the key data using the individual key to generate encrypted 
key data, wherein the transmission unit transmits the encrypted key 
data to the second encryption device as the key data. 

With this construction, the key data is encrypted using an 
individual key, so even if the encrypted key data is acquired by 
10 another device, it cannot be decrypted. Hence use of the content 
by illegitimate devices can be prevented. 



Industrial applicability 

The present invention can be used administratively and also 
15 repeatedly and continuously in the software industry in which software 
such as computer programs and digitized content, including copyright 
material such as movies and music, are being provided. Further, the 
relay devices , key distribution devices and integrated circuits can 
be produced and marketed by manufacturers of electronics and the 
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ABSTEUlCr 



Akey distribution system distributes key data for using content 
to a second encryption device that has been legitimately outsourced 
5 processing by a first encryption device . The first encryption device 
acquires permission information indicating that the first encryption 
device has permission to use the content, generates certification 
information by making an irreversible alteration the to permission 
information, and transmits the permission information and the 

10 certification information to the second encryption device . The second 
encryption device receives the permission information and the 
certification information, sends them to a key distribution device, 
and acquires the key data from the key distribution device . The key 
distribution device receives the permission information and the 

15 certification information, judges whether or not the certification 
information was generated by the by the first encryption device, 
and if judging in the affirmative, transmits the key data to the 
second encryption device. 
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